I am another crazy person about to start the OSCP adventure. Is anyone else starting the labs around January 2014? If so and if you are interested in exchanging ideas (not solutions) and techniques, please get in touch!

Having read pretty much every post on this forum all I have to say for now is: thanks! There is a lot of good info and resources to help people get started.

I want to start the OSCP really bad. The problem is that my schedule is really tight and when I start I want to have enough time for it, otherwise what's the point. January seems too early for me. I'm shooting for somewhere during the summer. I really hope I can start then.

Master Of Puppets wrote: I want to start the OSCP really bad. The problem is that my schedule is really tight and when I start I want to have enough time for it, otherwise what's the point. January seems too early for me. I'm shooting for somewhere during the summer. I really hope I can start then.

This post sums up my position too. Not enough hours in the day currently! The course does look fascinating and very well put together from what I have read about it.

@superkojiman: Thanks for the hint! @masterofpuppets & ccpik1: That's too bad! Hope you'll have time for it at some point!

Personally, I have a full-time job in pentesting and am planning on dedicating 3-4h of my free time per week day as well as a lot of hours on weekends. Also, my employer should give me enough flexibility to use a few work hours here and there. Hopefully, that should be enough time to root all the boxes in the lab - I'm taking the 90 days option.

I am a CISSP certified master of nothing, with over 18 years of experience in the industry. I am however quite comfortable with Linux and scripting or writing simple code in assembly language. I'm feeling moderately optimistic. This course should help me fill gaps in networking and be a starter for further self-education.

First humble results: during the first 30 day period I could barely touch and try not more than 30% of the exercises from the student book. The course is difficult but not impossible to follow. I just need to learn so many things which are quite new to me... Each new section in the study book makes me frustrated at first, and then it usually leads to a little win through reading, thinking, trying etc. Lab time is definitely for a well-prepared mind. My current plan is to exercise in my home lab first, until I master some tools and techniques, and only after that buy 15 more days in the lab. This course reveals how little I know yet. But it helps me gain my knowledge and skills QUICKLY. Great, great thing.

It doesn't matter how quickly you gain your knowledge as long as you make the most out of the lab time and course materials. If you feel that you are not ready to hack the lab boxes yet then you are taking the right approach in training at home first, imho. Feel free to come ping me on IRC if you need help understanding something.

My experience so far - almost 30 days in - has been quite productive and fun. Given my previous background in web development and network administration and having been a pentester for almost 2 years, I was already familiar with most of the concepts described in the course and yet I can't describe how much I have learned in so little time.

In my opinion, the course materials are very good and the labs are just priceless. I feel that this is what has taught me the most. Some real thought and effort have been put into setting up the labs with so many different systems and configurations for us to experiment with. IRC has also proven to be an invaluable resource as many other students are willing to exchange ideas - without spoiling the challenges. The admins have always been helpful too.

So far, I have rooted about half of the boxes in the lab and have tried to document everything as much as possible as I go along (using KeepNote). I've also started writing the final report as otherwise it would just be too painful to do it all at once in the end. Another rule I try to follow is to avoid using Metasploit as much as possible - not only because of potential limitations during the exam but also because I find that I gain a much better understanding of how an exploit works by doing it the 'manual' way.

In case this is helpful to other people, here is the generic process that has been working for me:

Vulnerability analysis
Based on what was found earlier, check for exploits/vulnerabilities for the service versions you found previously (using Google, exploit-db/searchsploit, Metasploit), check for web attacks (SQL injection, LFI/RFI, XSS, etc). Define the possible attack vectors and decide on which one is best but keep your options open: don't get tunnel vision trying one vector for hours and failing only to find that if you had spent 5 min just trying another route you would have already been in. Knowing what all of your options are at all times is important for that very reason.

Exploitation
The fun part! If the previous phases went well, there should be enough to work with here. In case it's an exploit: download it, understand it, modify it if necessary, compile it if necessary and run. If the exploit doesn't work, try a different one. If it's a web attack it should be obvious how to proceed as long as you know how all of them work. At this point - if we got this far - we should have some sort of shell on the target.

Privilege escalation
Some remote exploits will give you a root/SYSTEM shell but that's not always the case. Escalating privileges can be very easy or very tricky. I found that the more I do it, the better I become at it. There are lots of blogs and resources out there with privilege escalation cheatsheets/script => use them! Go back to phase 1 and enumerate everything you can about the target now that you have access to more things. If using local privilege escalation exploits, again understand, modify, upload to the target, compile, try them ALL (the ones that affect that system of course) until one of them works. Some need to be tried more than once. Still not root? Check for weak files/permissions/configurations/etc that you can use to your advantage. Still not root? Think outside of the box! Be creative. Generally, I find this the most painful, frustrating but also the most rewarding phase.

Post exploitation
Once you have pwned a box, get as much information as you can out of it. Not only because it could help you later but also because it's fun to understand how things are linked together.

Post mortem
What did we learn? Keep notes of found usernames/passwords. Make notes of what local exploits work and keep them handy for the next time you encounter a similar system. Keep notes, add stuff to the report.

Obviously, more things can happen during each phase and most systems are different but this is the general gist of what works for me. Also, I didn't want to spoil it for anyone by including too many tips.

Last tips:
- Go through the lab guide before you start. It will help.
- Enumerate as much as possible. That is key.

My plan is to keep using this strategy and hopefully all the boxes will - eventually - fall.

Just started 2 weeks ago, I went through the videos and pdf first before going to the labs. I'm trying not to use Metasploit even though I have experience using it at my home lab. It's just way easier and I wouldn't learn much. Also, its use in the exam is severely limited.

Previously, I didn't have much experience with bash/batch/python scripting or manual exploits but I'm learning a lot every day and luckily I have 8+ hours a day to focus on nothing but OSCP. Web App and Buffer Overflow exploits are definitely high on my list to learn. This is my first security course after the Cisco CCENT Networking cert I obtained first. The OSCP is definitely a big step up for me, but I think I can do it. As far as lab time, 90 days should be adequate for me although I only got 60 to begin with. I wish I had a 2-3 week head start on the pdf and videos before the lab time kicked in because you really waste some of the lab time while you are getting acquainted with the course material.